CVE-2017-8811 — Improper Input Validation in Mediawiki
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 44.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 15
Latest updateMay 17
Description
The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7
Affected Packages3 packages
Also affects: Debian Linux 9.0
Patches
🔴Vulnerability Details
2📋Vendor Advisories
1Debian▶
CVE-2017-8811: mediawiki - The implementation of raw message parameter expansion in MediaWiki before 1.27.4...↗2017